Diffstat (limited to 'server/lib')
-rw-r--r--server/lib/auth.ts7
-rw-r--r--server/lib/client-html.ts11
2 files changed, 10 insertions, 8 deletions
diff --git a/server/lib/auth.ts b/server/lib/auth.ts
index acf0da18a..466c9bdd4 100644
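--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -13,6 +13,7 @@ import {
 } from '@server/types/plugins/register-server-auth.model'
 import * as express from 'express'
 import * as OAuthServer from 'express-oauth-server'
+import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
 
 const oAuthServer = new OAuthServer({
  useErrorHandler: true,
@@ -215,7 +216,7 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
  const obj = authBypassTokens.get(req.body.externalAuthToken)
  if (!obj) {
  logger.error('Cannot authenticate user with unknown bypass token')
- return res.sendStatus(400)
+ return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
  }
 
  const { expires, user, authName, npmName } = obj
@@ -223,12 +224,12 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
  const now = new Date()
  if (now.getTime() > expires.getTime()) {
  logger.error('Cannot authenticate user with an expired external auth token')
- return res.sendStatus(400)
+ return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
  }
 
  if (user.username !== req.body.username) {
  logger.error('Cannot authenticate user %s with invalid username %s.', req.body.username)
- return res.sendStatus(400)
+ return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
  }
 
  // Bypass oauth library validation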
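Review bot: The username-mismatch log call in the last hunk of `proxifyExternalAuthBypass` has two `%s` placeholders but passes only `req.body.username`, so the record of a rejected bypass-token login never names the account the token was issued for. Passing both values, `logger.error('Cannot authenticate user %s with invalid username %s.', user.username, req.body.username)`, makes the entry usable when investigating token misuse. `req.body.username` is client-supplied, so if the logger writes plain text lines it may also need control characters neutralised before logging; the logger configuration is not visible here. The function body starts and ends outside these hunks.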
diff --git a/server/lib/client-html.ts b/server/lib/client-html.ts
index 7d1d19588..a1a4a5316 100644
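--- a/server/lib/client-html.ts
+++ b/server/lib/client-html.ts
@@ -22,6 +22,7 @@ import * as Bluebird from 'bluebird'
 import { CONFIG } from '../initializers/config'
 import { logger } from '../helpers/logger'
 import { MAccountActor, MChannelActor } from '../types/models'
+import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
 
 type Tags = {
  ogType: string
@@ -75,7 +76,7 @@ export class ClientHtml {
  static async getWatchHTMLPage (videoId: string, req: express.Request, res: express.Response) {
  // Let Angular application handle errors
  if (!validator.isInt(videoId) && !validator.isUUID(videoId, 4)) {
- res.status(404)
+ res.status(HttpStatusCode.NOT_FOUND_404)
  return ClientHtml.getIndexHTML(req, res)
  }
 
@@ -86,7 +87,7 @@ export class ClientHtml {
 
  // Let Angular application handle errors
  if (!video || video.privacy === VideoPrivacy.PRIVATE || video.privacy === VideoPrivacy.INTERNAL || video.VideoBlacklist) {
- res.status(404)
+ res.status(HttpStatusCode.NOT_FOUND_404)
  return html
  }
 
@@ -121,7 +122,7 @@ export class ClientHtml {
  static async getWatchPlaylistHTMLPage (videoPlaylistId: string, req: express.Request, res: express.Response) {
  // Let Angular application handle errors
  if (!validator.isInt(videoPlaylistId) && !validator.isUUID(videoPlaylistId, 4)) {
- res.status(404)
+ res.status(HttpStatusCode.NOT_FOUND_404)
  return ClientHtml.getIndexHTML(req, res)
  }
 
@@ -132,7 +133,7 @@ export class ClientHtml {
 
  // Let Angular application handle errors
  if (!videoPlaylist || videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
- res.status(404)
+ res.status(HttpStatusCode.NOT_FOUND_404)
  return html
  }
 
@@ -201,7 +202,7 @@ export class ClientHtml {
 
  // Let Angular application handle errors
  if (!entity) {
- res.status(404)
+ res.status(HttpStatusCode.NOT_FOUND_404)
  return ClientHtml.getIndexHTML(req, res)
  }
 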
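Review bot: The comment `// Let Angular application handle errors` above the privacy check in `getWatchHTMLPage` (hunk at new line 87) does not record why private, internal and blacklisted videos take the same branch as a missing video. That branch sets the same 404 and returns `html`, which appears to be the page before any video-specific tags are added (its assignment is outside the hunk), so the response does not reveal that a restricted video exists. I would state that intent next to the check, for example `// Restricted videos answer exactly like a missing one so the response does not disclose that they exist`, so a later edit does not add a distinct status or metadata for them. The playlist check in the hunk at new line 133 deserves the same comment. Both methods start and end outside their hunks.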